We take security very seriously. We know our customers trust us with important data, and we use industry best practices to keep it secure. We consider security as the primary criteria when choosing service providers to work with. We have an extremely high bar for keeping data secure and continually audit and update our processes regularly.
Our infrastructure is designed with redundancy, fault tolerance and disaster recovery at the forefront. All of our application and data infrastructure is hosted on Amazon Web Services (AWS), a highly scalable cloud computing platform with end-to-end security and privacy features built in. Amazon Web Services (AWS) has achieved the highest level of certifications including ISO 27001 and SOC. All our infrastructure is within our virtual private cloud (VPC) with production access restricted to operations support staff only. This allows us to leverage complete firewall protection, private IP addresses and other security features. For more information, see AWS Security and AWS Compliance.
We design all services with high availability in mind. Our goal is to deliver 99.95% or better uptime across all our products. To support our uptime and performance goals, we employ a variety of enterprise-grade internal and third-party tools (for example: New Relic, Pingdom, Sentry.io, Nagios) to accurately monitor and report on any anomaly that could impact the delivery of our services.
Our credit card processor, Stripe, meets and exceeds the most stringent industry standards for security. It has been audited by a PCI-certified auditor, and is certified to PCI Service Provider Level 1. This is the most stringent level of certification available.
We consider every single team member to be a member of the security team, and are dedicated to keeping all data secure.
All customer data is stored in the continental United States. Our content delivery network may serve static assets from around the world, but does not store customer data.
All new product features and internal processes are peer-reviewed and evaluated for their security impact before they are released to production. We strive to continuously monitor and improve our security practices in response to industry changes and customer feedback.